Analysis
-
max time kernel
150s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
-
Target
6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe
-
Size
68KB
-
MD5
6683714a352fc3014d40ad9c195378e0
-
SHA1
efd3f33aa44e96c1fe48fe48e6d9b245fd5de89e
-
SHA256
2cbe63d8536a9cf2c5705e8fde81b0a0fb80feefcd125d78c3c50955d05f82c5
-
SHA512
defbada389052128d9cfeda29d5ac1742caf278ea671e125ceaca763d843a9a907dc6cfa08873e2301da7e59a7b464e31fbb162faac187240f18f9ceb7027f6b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89c:ymb3NkkiQ3mdBjFIvl358nLA89c
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/4200-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3188-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/8-24-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/8-23-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3988-27-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3348-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1104-146-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1628-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4048-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2528-181-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1308-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3356-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3164-158-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3760-152-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2780-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3908-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4800-128-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/916-104-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4136-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1812-92-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/408-77-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3112-74-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4084-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2064-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3344-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3188 xflllll.exe 8 fllllrl.exe 3988 btbbtt.exe 3344 vppjd.exe 2064 jjddv.exe 3348 lrrfllr.exe 4084 1ffffll.exe 3112 thttbb.exe 408 jdjjj.exe 3276 pvdjp.exe 1812 lxfllxf.exe 4136 nttbnh.exe 916 thbttt.exe 2408 9vjjj.exe 4328 ppvvv.exe 4696 rllllxr.exe 4800 xxxrrrr.exe 3908 flrxrxx.exe 2780 hbhhhh.exe 1104 tbnnhb.exe 3760 1ddvv.exe 3164 jdjjd.exe 1628 rlxrrrr.exe 3356 ttnttt.exe 1308 bthhhh.exe 2528 jvdvv.exe 4048 pjvpj.exe 1196 rrlfxlf.exe 2372 rlrrrll.exe 4660 5nnnhn.exe 648 hbhbtb.exe 2756 7pdvv.exe 2092 pjppp.exe 1384 dvdvp.exe 4344 9lrfrrr.exe 4012 llrlrrx.exe 4976 tthhht.exe 2028 ttbtbb.exe 4612 pvdvv.exe 4844 pjdvv.exe 4604 fxfxxrl.exe 5040 xffffll.exe 2660 hhnnbb.exe 3200 nthhbh.exe 3112 5djdv.exe 4176 jpddj.exe 4816 fxffffx.exe 64 rxlfffx.exe 4300 9rfxrxr.exe 1580 tnhbbb.exe 4092 9ntnhh.exe 4152 ddvvp.exe 2420 7jvvd.exe 4696 rlrrxxx.exe 4800 rllxfll.exe 2328 nbbbtb.exe 404 ttbtnn.exe 1252 bbnntt.exe 1104 5jjpp.exe 812 vpdpd.exe 2800 lllffll.exe 3584 xrxffff.exe 4472 hntttt.exe 4228 1bhbbh.exe -
resource yara_rule behavioral2/memory/4200-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3188-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3188-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3188-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3188-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/8-23-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3988-27-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3348-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1104-146-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1628-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4048-187-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2528-181-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1308-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3356-170-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3164-158-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3760-152-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2780-140-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3908-134-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4800-128-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/916-104-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4136-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1812-92-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/408-77-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3112-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3112-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3112-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3112-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4084-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3348-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3348-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3348-49-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2064-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3344-35-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4200 wrote to memory of 3188 4200 6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe 489 PID 4200 wrote to memory of 3188 4200 6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe 489 PID 4200 wrote to memory of 3188 4200 6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe 489 PID 3188 wrote to memory of 8 3188 xflllll.exe 84 PID 3188 wrote to memory of 8 3188 xflllll.exe 84 PID 3188 wrote to memory of 8 3188 xflllll.exe 84 PID 8 wrote to memory of 3988 8 fllllrl.exe 85 PID 8 wrote to memory of 3988 8 fllllrl.exe 85 PID 8 wrote to memory of 3988 8 fllllrl.exe 85 PID 3988 wrote to memory of 3344 3988 btbbtt.exe 86 PID 3988 wrote to memory of 3344 3988 btbbtt.exe 86 PID 3988 wrote to memory of 3344 3988 btbbtt.exe 86 PID 3344 wrote to memory of 2064 3344 vppjd.exe 87 PID 3344 wrote to memory of 2064 3344 vppjd.exe 87 PID 3344 wrote to memory of 2064 3344 vppjd.exe 87 PID 2064 wrote to memory of 3348 2064 jjddv.exe 88 PID 2064 wrote to memory of 3348 2064 jjddv.exe 88 PID 2064 wrote to memory of 3348 2064 jjddv.exe 88 PID 3348 wrote to memory of 4084 3348 lrrfllr.exe 89 PID 3348 wrote to memory of 4084 3348 lrrfllr.exe 89 PID 3348 wrote to memory of 4084 3348 lrrfllr.exe 89 PID 4084 wrote to memory of 3112 4084 1ffffll.exe 90 PID 4084 wrote to memory of 3112 4084 1ffffll.exe 90 PID 4084 wrote to memory of 3112 4084 1ffffll.exe 90 PID 3112 wrote to memory of 408 3112 thttbb.exe 91 PID 3112 wrote to memory of 408 3112 thttbb.exe 91 PID 3112 wrote to memory of 408 3112 thttbb.exe 91 PID 408 wrote to memory of 3276 408 jdjjj.exe 92 PID 408 wrote to memory of 3276 408 jdjjj.exe 92 PID 408 wrote to memory of 3276 408 jdjjj.exe 92 PID 3276 wrote to memory of 1812 3276 pvdjp.exe 93 PID 3276 wrote to memory of 1812 3276 pvdjp.exe 93 PID 3276 wrote to memory of 1812 3276 pvdjp.exe 93 PID 1812 wrote to memory of 4136 1812 lxfllxf.exe 505 PID 1812 wrote to memory of 4136 1812 lxfllxf.exe 505 PID 1812 wrote to memory of 4136 1812 lxfllxf.exe 505 PID 4136 wrote to memory of 916 4136 nttbnh.exe 95 PID 4136 wrote to memory of 916 4136 nttbnh.exe 95 PID 4136 wrote to memory of 916 4136 nttbnh.exe 95 PID 916 wrote to memory of 2408 916 thbttt.exe 96 PID 916 wrote to memory of 2408 916 thbttt.exe 96 PID 916 wrote to memory of 2408 916 thbttt.exe 96 PID 2408 wrote to memory of 4328 2408 9vjjj.exe 97 PID 2408 wrote to memory of 4328 2408 9vjjj.exe 97 PID 2408 wrote to memory of 4328 2408 9vjjj.exe 97 PID 4328 wrote to memory of 4696 4328 ppvvv.exe 98 PID 4328 wrote to memory of 4696 4328 ppvvv.exe 98 PID 4328 wrote to memory of 4696 4328 ppvvv.exe 98 PID 4696 wrote to memory of 4800 4696 rllllxr.exe 99 PID 4696 wrote to memory of 4800 4696 rllllxr.exe 99 PID 4696 wrote to memory of 4800 4696 rllllxr.exe 99 PID 4800 wrote to memory of 3908 4800 xxxrrrr.exe 100 PID 4800 wrote to memory of 3908 4800 xxxrrrr.exe 100 PID 4800 wrote to memory of 3908 4800 xxxrrrr.exe 100 PID 3908 wrote to memory of 2780 3908 flrxrxx.exe 102 PID 3908 wrote to memory of 2780 3908 flrxrxx.exe 102 PID 3908 wrote to memory of 2780 3908 flrxrxx.exe 102 PID 2780 wrote to memory of 1104 2780 hbhhhh.exe 103 PID 2780 wrote to memory of 1104 2780 hbhhhh.exe 103 PID 2780 wrote to memory of 1104 2780 hbhhhh.exe 103 PID 1104 wrote to memory of 3760 1104 tbnnhb.exe 104 PID 1104 wrote to memory of 3760 1104 tbnnhb.exe 104 PID 1104 wrote to memory of 3760 1104 tbnnhb.exe 104 PID 3760 wrote to memory of 3164 3760 1ddvv.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4200 -
\??\c:\xflllll.exec:\xflllll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3188 -
\??\c:\fllllrl.exec:\fllllrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:8 -
\??\c:\btbbtt.exec:\btbbtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3988 -
\??\c:\vppjd.exec:\vppjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3344 -
\??\c:\jjddv.exec:\jjddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2064 -
\??\c:\lrrfllr.exec:\lrrfllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3348 -
\??\c:\1ffffll.exec:\1ffffll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4084 -
\??\c:\thttbb.exec:\thttbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3112 -
\??\c:\jdjjj.exec:\jdjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:408 -
\??\c:\pvdjp.exec:\pvdjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3276 -
\??\c:\lxfllxf.exec:\lxfllxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1812 -
\??\c:\nttbnh.exec:\nttbnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4136 -
\??\c:\thbttt.exec:\thbttt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:916 -
\??\c:\9vjjj.exec:\9vjjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\ppvvv.exec:\ppvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4328 -
\??\c:\rllllxr.exec:\rllllxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4696 -
\??\c:\xxxrrrr.exec:\xxxrrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4800 -
\??\c:\flrxrxx.exec:\flrxrxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3908 -
\??\c:\hbhhhh.exec:\hbhhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\tbnnhb.exec:\tbnnhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1104 -
\??\c:\1ddvv.exec:\1ddvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3760 -
\??\c:\jdjjd.exec:\jdjjd.exe23⤵
- Executes dropped EXE
PID:3164 -
\??\c:\rlxrrrr.exec:\rlxrrrr.exe24⤵
- Executes dropped EXE
PID:1628 -
\??\c:\ttnttt.exec:\ttnttt.exe25⤵
- Executes dropped EXE
PID:3356 -
\??\c:\bthhhh.exec:\bthhhh.exe26⤵
- Executes dropped EXE
PID:1308 -
\??\c:\jvdvv.exec:\jvdvv.exe27⤵
- Executes dropped EXE
PID:2528 -
\??\c:\pjvpj.exec:\pjvpj.exe28⤵
- Executes dropped EXE
PID:4048 -
\??\c:\rrlfxlf.exec:\rrlfxlf.exe29⤵
- Executes dropped EXE
PID:1196 -
\??\c:\rlrrrll.exec:\rlrrrll.exe30⤵
- Executes dropped EXE
PID:2372 -
\??\c:\5nnnhn.exec:\5nnnhn.exe31⤵
- Executes dropped EXE
PID:4660 -
\??\c:\hbhbtb.exec:\hbhbtb.exe32⤵
- Executes dropped EXE
PID:648 -
\??\c:\7pdvv.exec:\7pdvv.exe33⤵
- Executes dropped EXE
PID:2756 -
\??\c:\pjppp.exec:\pjppp.exe34⤵
- Executes dropped EXE
PID:2092 -
\??\c:\dvdvp.exec:\dvdvp.exe35⤵
- Executes dropped EXE
PID:1384 -
\??\c:\9lrfrrr.exec:\9lrfrrr.exe36⤵
- Executes dropped EXE
PID:4344 -
\??\c:\llrlrrx.exec:\llrlrrx.exe37⤵
- Executes dropped EXE
PID:4012 -
\??\c:\tthhht.exec:\tthhht.exe38⤵
- Executes dropped EXE
PID:4976 -
\??\c:\ttbtbb.exec:\ttbtbb.exe39⤵
- Executes dropped EXE
PID:2028 -
\??\c:\pvdvv.exec:\pvdvv.exe40⤵
- Executes dropped EXE
PID:4612 -
\??\c:\pjdvv.exec:\pjdvv.exe41⤵
- Executes dropped EXE
PID:4844 -
\??\c:\fxfxxrl.exec:\fxfxxrl.exe42⤵
- Executes dropped EXE
PID:4604 -
\??\c:\xffffll.exec:\xffffll.exe43⤵
- Executes dropped EXE
PID:5040 -
\??\c:\hhnnbb.exec:\hhnnbb.exe44⤵
- Executes dropped EXE
PID:2660 -
\??\c:\nthhbh.exec:\nthhbh.exe45⤵
- Executes dropped EXE
PID:3200 -
\??\c:\5djdv.exec:\5djdv.exe46⤵
- Executes dropped EXE
PID:3112 -
\??\c:\jpddj.exec:\jpddj.exe47⤵
- Executes dropped EXE
PID:4176 -
\??\c:\fxffffx.exec:\fxffffx.exe48⤵
- Executes dropped EXE
PID:4816 -
\??\c:\rxlfffx.exec:\rxlfffx.exe49⤵
- Executes dropped EXE
PID:64 -
\??\c:\9rfxrxr.exec:\9rfxrxr.exe50⤵
- Executes dropped EXE
PID:4300 -
\??\c:\tnhbbb.exec:\tnhbbb.exe51⤵
- Executes dropped EXE
PID:1580 -
\??\c:\9ntnhh.exec:\9ntnhh.exe52⤵
- Executes dropped EXE
PID:4092 -
\??\c:\ddvvp.exec:\ddvvp.exe53⤵
- Executes dropped EXE
PID:4152 -
\??\c:\7jvvd.exec:\7jvvd.exe54⤵
- Executes dropped EXE
PID:2420 -
\??\c:\rlrrxxx.exec:\rlrrxxx.exe55⤵
- Executes dropped EXE
PID:4696 -
\??\c:\rllxfll.exec:\rllxfll.exe56⤵
- Executes dropped EXE
PID:4800 -
\??\c:\nbbbtb.exec:\nbbbtb.exe57⤵
- Executes dropped EXE
PID:2328 -
\??\c:\ttbtnn.exec:\ttbtnn.exe58⤵
- Executes dropped EXE
PID:404 -
\??\c:\bbnntt.exec:\bbnntt.exe59⤵
- Executes dropped EXE
PID:1252 -
\??\c:\5jjpp.exec:\5jjpp.exe60⤵
- Executes dropped EXE
PID:1104 -
\??\c:\vpdpd.exec:\vpdpd.exe61⤵
- Executes dropped EXE
PID:812 -
\??\c:\lllffll.exec:\lllffll.exe62⤵
- Executes dropped EXE
PID:2800 -
\??\c:\xrxffff.exec:\xrxffff.exe63⤵
- Executes dropped EXE
PID:3584 -
\??\c:\hntttt.exec:\hntttt.exe64⤵
- Executes dropped EXE
PID:4472 -
\??\c:\1bhbbh.exec:\1bhbbh.exe65⤵
- Executes dropped EXE
PID:4228 -
\??\c:\tbhnbh.exec:\tbhnbh.exe66⤵PID:1588
-
\??\c:\ppddj.exec:\ppddj.exe67⤵PID:4436
-
\??\c:\9vdvv.exec:\9vdvv.exe68⤵PID:1264
-
\??\c:\lfxrllf.exec:\lfxrllf.exe69⤵PID:3692
-
\??\c:\frfflrx.exec:\frfflrx.exe70⤵PID:2956
-
\??\c:\xrfxrrr.exec:\xrfxrrr.exe71⤵PID:2380
-
\??\c:\tntttb.exec:\tntttb.exe72⤵PID:1736
-
\??\c:\tthntb.exec:\tthntb.exe73⤵PID:4708
-
\??\c:\ppjjp.exec:\ppjjp.exe74⤵PID:5008
-
\??\c:\pjjvv.exec:\pjjvv.exe75⤵PID:448
-
\??\c:\9xfllrl.exec:\9xfllrl.exe76⤵PID:4376
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe77⤵PID:4360
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe78⤵PID:2920
-
\??\c:\hhnnnh.exec:\hhnnnh.exe79⤵PID:2324
-
\??\c:\hbtnbb.exec:\hbtnbb.exe80⤵PID:4768
-
\??\c:\thtnhh.exec:\thtnhh.exe81⤵PID:3052
-
\??\c:\dvvvp.exec:\dvvvp.exe82⤵PID:4588
-
\??\c:\pppjd.exec:\pppjd.exe83⤵PID:720
-
\??\c:\xrxfxll.exec:\xrxfxll.exe84⤵PID:1332
-
\??\c:\5llfffx.exec:\5llfffx.exe85⤵PID:1808
-
\??\c:\tnttnt.exec:\tnttnt.exe86⤵PID:3252
-
\??\c:\ttnhtt.exec:\ttnhtt.exe87⤵PID:1744
-
\??\c:\pjppp.exec:\pjppp.exe88⤵PID:4580
-
\??\c:\ppvpd.exec:\ppvpd.exe89⤵PID:1088
-
\??\c:\vjvpd.exec:\vjvpd.exe90⤵PID:3048
-
\??\c:\rllfxfx.exec:\rllfxfx.exe91⤵PID:3976
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe92⤵PID:1544
-
\??\c:\nhbthh.exec:\nhbthh.exe93⤵PID:3632
-
\??\c:\nnnhtt.exec:\nnnhtt.exe94⤵PID:2408
-
\??\c:\dpjjd.exec:\dpjjd.exe95⤵PID:3196
-
\??\c:\ppdvj.exec:\ppdvj.exe96⤵PID:3876
-
\??\c:\dvpjd.exec:\dvpjd.exe97⤵PID:3368
-
\??\c:\frlxlfl.exec:\frlxlfl.exe98⤵PID:2888
-
\??\c:\lxxlrfr.exec:\lxxlrfr.exe99⤵PID:4596
-
\??\c:\nhhtnh.exec:\nhhtnh.exe100⤵PID:3908
-
\??\c:\7hbttb.exec:\7hbttb.exe101⤵PID:5088
-
\??\c:\9djjj.exec:\9djjj.exe102⤵PID:4992
-
\??\c:\vjjjj.exec:\vjjjj.exe103⤵PID:4100
-
\??\c:\rllfxxx.exec:\rllfxxx.exe104⤵PID:1840
-
\??\c:\llrlrrf.exec:\llrlrrf.exe105⤵PID:3352
-
\??\c:\3xlfffx.exec:\3xlfffx.exe106⤵PID:2052
-
\??\c:\tntttn.exec:\tntttn.exe107⤵PID:2992
-
\??\c:\ntnnnn.exec:\ntnnnn.exe108⤵PID:2356
-
\??\c:\pjvdv.exec:\pjvdv.exe109⤵PID:1584
-
\??\c:\djjdj.exec:\djjdj.exe110⤵PID:4004
-
\??\c:\vvpjd.exec:\vvpjd.exe111⤵PID:4792
-
\??\c:\rxxrxxr.exec:\rxxrxxr.exe112⤵PID:4216
-
\??\c:\3ffrxxl.exec:\3ffrxxl.exe113⤵PID:4180
-
\??\c:\tthhtn.exec:\tthhtn.exe114⤵PID:4888
-
\??\c:\7bnnnn.exec:\7bnnnn.exe115⤵PID:1496
-
\??\c:\vpvpj.exec:\vpvpj.exe116⤵PID:648
-
\??\c:\tbthnn.exec:\tbthnn.exe117⤵PID:1656
-
\??\c:\nhnnbb.exec:\nhnnbb.exe118⤵PID:808
-
\??\c:\jdvvv.exec:\jdvvv.exe119⤵PID:3944
-
\??\c:\pvddp.exec:\pvddp.exe120⤵PID:2520
-
\??\c:\xxffrrr.exec:\xxffrrr.exe121⤵PID:4360
-
\??\c:\rflffff.exec:\rflffff.exe122⤵PID:3228
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-